Privacy preserving web-based email

Kevin Butler, William Enck, Jennifer Plasterr, Patrick Traynor, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Scopus citations


Recent web-based applications offer users free service in exchange for access to personal communication, such as on-line email services and instant messaging. The inspection and retention of user communication is generally intended to enable targeted marketing. However, unless specifically stated otherwise by the collecting service’s privacy policy, such records have an indefinite lifetime and may be later used or sold without restriction. In this paper, we show that it is possible to protect a user’s privacy from these risks by exploiting mutually oblivious, competing communication channels. We create virtual channels over online services (e.g., Google’s Gmail, Microsoft’s Hotmail) through which messages and cryptographic keys are delivered. The message recipient uses a shared secret to identify the shares and ultimately recover the original plaintext. In so doing, we create a wired “spread-spectrum” mechanism for protecting the privacy of web-based communication. We discuss the design and implementation of our open-source Java applet, Aquinas, and consider ways that the myriad of communication channels present on the Internet can be exploited to preserve privacy.

Original languageEnglish (US)
Title of host publicationInformation Systems Security - 2nd International Conference, ICISS 2006, Proceedings
EditorsAditya Bagchi, Vijayalakshmi Atluri
PublisherSpringer Verlag
Number of pages16
ISBN (Print)9783540689621
StatePublished - 2006
Event2nd International Conference on Information Systems Security, ICISS 2006 - Kolkata, India
Duration: Dec 19 2006Dec 21 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4332 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other2nd International Conference on Information Systems Security, ICISS 2006

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Privacy preserving web-based email'. Together they form a unique fingerprint.

Cite this